---- On Mon, 28 Jul 2025 13:55:47 -0400 Andrew Cooper
<andrew.coop...@citrix.com> wrote ---
> Most indentation is with tabs, but a few spaces have slipped in. Switch
> them
> back to tabs.
>
> No functional change.
>
> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
> ---
> CC: Daniel P. Smith <dpsm...@apertussolutions.com>
> ---
> tools/flask/policy/modules/xen.if | 28 ++++++++++++++--------------
> 1 file changed, 14 insertions(+), 14 deletions(-)
>
> diff --git a/tools/flask/policy/modules/xen.if
> b/tools/flask/policy/modules/xen.if
> index cff51febbfdf..cfa11b27b786 100644
> --- a/tools/flask/policy/modules/xen.if
> +++ b/tools/flask/policy/modules/xen.if
> @@ -95,7 +95,7 @@ define(`manage_domain', `
> getaddrsize pause unpause trigger shutdown destroy
> setaffinity setdomainmaxmem getscheduler resume
> setpodtarget getpodtarget getpagingmempool setpagingmempool };
> - allow $1 $2:domain2 { set_vnumainfo dt_overlay get_domain_state };
> + allow $1 $2:domain2 { set_vnumainfo dt_overlay get_domain_state };
> ')
>
> # migrate_domain_out(priv, target)
> @@ -182,9 +182,9 @@ define(`make_device_model', `
> # Allow a device to be used by a domain
> # only if an IOMMU provides isolation.
> define(`use_device_iommu', `
> - allow $1 $1_self:mmu exchange;
> - allow $1 $2:resource use_iommu;
> - allow $1 domio_t:mmu { map_read map_write };
> + allow $1 $1_self:mmu exchange;
> + allow $1 $2:resource use_iommu;
> + allow $1 domio_t:mmu { map_read map_write };
> ')
>
> # use_device_iommu_nointremap(domain, device)
> @@ -193,30 +193,30 @@ define(`use_device_iommu', `
> # interrupt remapping.
> # Allows acceptance of (typically older) less isolating hardware.
> define(`use_device_iommu_nointremap', `
> - allow $1 $1_self:mmu exchange;
> - allow $1 $2:resource { use_iommu use_iommu_nointremap };
> - allow $1 domio_t:mmu { map_read map_write };
> + allow $1 $1_self:mmu exchange;
> + allow $1 $2:resource { use_iommu use_iommu_nointremap };
> + allow $1 domio_t:mmu { map_read map_write };
> ')
>
> # use_device_noiommu(domain, device)
> # Allow a device to be used by a domain
> # even without an IOMMU available.
> define(`use_device_noiommu', `
> - allow $1 $1_self:mmu exchange;
> - allow $1 $2:resource { use_iommu use_iommu_nointremap use_noiommu };
> - allow $1 domio_t:mmu { map_read map_write };
> + allow $1 $1_self:mmu exchange;
> + allow $1 $2:resource { use_iommu use_iommu_nointremap use_noiommu };
> + allow $1 domio_t:mmu { map_read map_write };
> ')
>
> # admin_device(domain, device)
> # Allow a device to be used and delegated by a domain
> define(`admin_device', `
> - allow $1 $2:resource { setup stat_device add_device add_irq add_iomem
> add_ioport remove_device remove_irq remove_iomem remove_ioport plug unplug
> };
> - allow $1 $2:hvm bind_irq;
> - use_device_noiommu($1, $2)
> + allow $1 $2:resource { setup stat_device add_device add_irq add_iomem
> add_ioport remove_device remove_irq remove_iomem remove_ioport plug unplug
> };
> + allow $1 $2:hvm bind_irq;
> + use_device_noiommu($1, $2)
> ')
>
> # delegate_devices(priv-domain, target-domain)
> # Allow devices to be delegated
> define(`delegate_devices', `
> - allow $1 $2:resource { add remove };
> + allow $1 $2:resource { add remove };
> ')
> --
> 2.39.5
>
>
Acked-by: Daniel P. Smith <dpsm...@apertussolutions.com>
